Using CloudFront with Amazon S3

You can store your content in an Amazon S3 bucket and use CloudFront to distribute the content. This topic explains how to use CloudFront with your
S3 bucket, and how to update your CloudFront distribution if you move the S3 bucket to a different region.

Adding CloudFront When You're Distributing Content from Amazon S3

If you store your objects in an Amazon S3 bucket, you can either have your users get your objects directly from S3, or you can
configure CloudFront to get your objects from S3 and distribute them to your users.

Using CloudFront can be more cost effective if your users access your objects frequently because, at higher usage, the price for CloudFront
data transfer is lower than the price for Amazon S3 data transfer. In addition, downloads are faster with CloudFront than with Amazon S3 alone
because your objects are stored closer to your users.

If you currently distribute content directly from your Amazon S3 bucket using your own domain name (such as example.com)
instead of the domain name of your Amazon S3 bucket (such as MyAWSBucket.s3.amazonaws.com), you can add CloudFront with no disruption
by using the following procedure.

When you create the distribution, specify the name of your Amazon S3 bucket as the origin server.

Important

For your bucket to work with CloudFront, the name must conform to DNS naming requirements. For more information, see
Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.

If you're using a CNAME with Amazon S3, specify the CNAME for your distribution, too.

Create a test web page that contains links to publicly readable objects in your Amazon S3 bucket, and test the links.
For this initial test, use the CloudFront domain name of your distribution in the object URLs, for example,
http://d111111abcdef8.cloudfront.net/images/image.jpg.

If you're using Amazon S3 CNAMEs, your application uses your domain name (for example, example.com) to reference
the objects in your Amazon S3 bucket instead of using the name of your bucket (for example, myawsbucket.s3.amazonaws.com).
To continue using your domain name to reference objects instead of using the CloudFront domain name for your distribution
(for example, d111111abcdef8.cloudfront.net), you need to update your settings with your DNS service provider.

For Amazon S3 CNAMEs to work, your DNS service provider must have a CNAME resource record set for your domain
that currently routes queries for the domain to your Amazon S3 bucket. For example, if a user requests this object:

http://example.com/images/image.jpg

the request is automatically rerouted, and the user sees this object:

http://myawsbucket.s3.amazonaws.com/images/image.jpg

To route queries to your CloudFront distribution instead of your Amazon S3 bucket, you need to use the method provided by
your DNS service provider to update the CNAME resource record set for your domain. This updated CNAME record will
start to redirect DNS queries from your domain to the CloudFront domain name for your distribution. For more information,
see the documentation provided by your DNS service provider.

After you update the CNAME resource record set, it can take up to 72 hours for the change to propagate throughout
the DNS system, although it usually happens faster. During this time, some requests for your content will continue to
be routed to your Amazon S3 bucket, and others will be routed to CloudFront.

Moving an Amazon S3 Bucket to a Different Region

If you're using Amazon S3 as the origin for a CloudFront distribution and you move the bucket to a different region, CloudFront
can take up to an hour to update its records to include the change of region when both of the following are true:

You're using a CloudFront origin access identity (OAI) to restrict access to the bucket

You move the bucket to an Amazon S3 region that requires Signature Version 4 for authentication

To force a faster update to CloudFront's records, you can update your CloudFront distribution, for example, by updating the
Comment field on the General tab in the CloudFront console. When you update a distribution,
CloudFront immediately checks on the region that your bucket is in; propagation of the change to all edge locations
should take less than 15 minutes.